The Fragmentation Attack in Practice by Andrea Bittau September 17, 2005. This paper provides a detailed technical description of the technique. A local copy is located here. A local copy of the presentation slides is located here. Also see the paper “The Final Nail in WEP's Coffin” on this page.

Attacks on the WEP protocol by Erik Tews, December 15, 2007. This thesis summarizes all major attacks on WEP. Additionally a new attack, the PTW attack, is introduced, which was partially developed by the author of this document. Some advanced versions of the PTW attack which are more suitable in certain environments are described as well. Currently, the PTW attack is fastest publicly known key recovery attack against WEP protected networks.

Additional Papers

This section has papers where are referenced in the previous section or are just simply interesting in the context of wireless.

Breaking 104 bit WEP in less than 60 seconds by Erik Tews, Ralf-Philipp Weinmann and Andrei Pyshkin, April 1,2007. The paper abstract is here. The paper describes an active attack on WEP that requires extremely few packets. The web page has a link to their tool which implements the technique.

WPA Key Calculation by Joris van Rantwijk. It page allows you to calculate the Pairwise Master Key and explains how it is done.

Books

There are hundreds of books about wireless. This section makes no attempt to list all the available books regarding wireless. Rather, it lists books which will likely be of specific interest to the readers of the wiki. If you have read books that you think should be included here, please post information about them to the forum.

Please keep in mind that books are always dated to some degree. If you are looking for 100% up to date material and information then the Internet is your friend.

Comments

Although it is designed as a study guide, it is an excellent book to learn the theory of wireless. Having read and studied this book, you will have a really solid understanding of the various forms of wireless, types of packets and how everything works together.

Comments

Although many of the tools and some of the material in the book has become dated, it is still a great introduction to the subject. The focus is on practical application of the tools and concepts rather then lots of theory. Easy reading and still a worthwhile investment.

802.11 Wireless Networks, The Definitive Guide

Author: Matthew S. Gast

Paperback: 656 pages

Publisher: O'Reilly Media; 2 edition (April 25, 2005)

Language: English

ISBN-10: 0596100523

ISBN-13: 978-0596100520

Comments

An excellent book about Wifi, from the physical layer to the different encryption protocols and going through details of the different frames that you might encounter on WiFi networks.

Compiling Kernels

A common question on the forums is how to compile a new kernel. This section attempts to identify links to documents, HOWTOs and similar which you may find helpful in this regard.

“CONFIG_ZD1211RW=m” If the module is not “enabled” in the kernel config then you need to set the variable for that specific module to “m” for module. IE Enable it. It is not always required and must be changed to the specific driver you are trying to compile.

“-C” This has to be set to the location of your kernel source tree. “-C /lib/modules/`uname -r`/build” will typically work correctly.

“M=” This has to be set to the location of the source files to be compiled. If you have already changed to the directory containing the source files then “M=`pwd`” will typically work correctly. pwd specifies the current directory you are in.

There are some considerations regarding installing a single module. You will need to ensure that the new module overwrites the existing one in /lib/modules. Sometimes it ends up being placed in a different location in the /lib/modules tree. If this happens then be sure to delete to the old version and run “depmod -ae”.

Alternatively, manually copy the newly created .ko kernel modules over the existing ones located in the /lib/modules tree.

"Vista Wireless Power Tools for the Penetration Tester" by Joshua Wright. This paper is designed to illustrate the Vista tools useful for wireless penetration testing, the format of which is designed to be easy to read and utilize as a learning tool. Designed after the timeless work of “Unix Power Tools” by Sherry Powers, et al, this paper presents several “article-ettes” describing the requirements, Vista features and solutions for challenges faced by a penetration tester attacking wireless networks. This paper also presents two new tools, vistarfmon and nm2lp, both available on the InGuardians Tools page.